<?php 
/**************************************************
 *  MeatBallBot Web-Interface v0.4a               *
 *                                                *
 *  Licenced under the GPLv3                      *
 *                                                *
 *  Originally coded by HttpError (Jordan Songer) *
 **************************************************/ 
include("inc/include.php");

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{ 
$user = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE user = '$user'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['password']) 
{
}
else
{
header("Location: m/index.php");
}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['user'] || !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database

$check = mysql_query("SELECT * FROM users WHERE user = '".mysql_escape_string($_POST['user'])."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check )) 
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}

else 
{ 

// if login is ok then we add a cookie 
$_POST['user'] = stripslashes($_POST['user']); 
$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['user'], $hour); 
setcookie(Key_my_site, $_POST['pass'], $hour); 

//then redirect them to the members area 
header("Location: m/index.php"); 
} 
} 
} 
else 
{ 

// if they are not logged in 
?> 
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
<table border="0"> 
<tr><td colspan=2><h1>Login</h1></td></tr> 
<tr><td>Username:</td><td> 
<input type="text" name="user" maxlength="40"> 
</td></tr> 
<tr><td>Password:</td><td> 
<input type="password" name="pass" maxlength="50"> 
</td></tr> 
<tr><td colspan="2" align="right"> 
<input type="submit" name="submit" value="Login"> or <a href=register.php>Register</a> 
</td></tr> 
</table> 
</form> 
<?php 
} 

?>
